# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision$
#

# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = <%= @ignoreip %>

# "bantime" is the number of seconds that a host is banned.
bantime  = <%= @bantime %>

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = <%= @findtime %>

# "maxretry" is the number of failures before a host get banned.
maxretry = <%= @maxretry %>

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
#          is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto:    will choose Gamin if available and polling otherwise.
backend = <%= @backend %>

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = <%= @mail.destination %>

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand = <%= @ignorecommand %>

# "usedns" specifies if jails should trust hostnames in logs,
#   warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes:   if a hostname is encountered, a DNS lookup will be performed.
# warn:  if a hostname is encountered, a DNS lookup will be performed,
#        but it will be logged as a warning.
# no:    if a hostname is encountered, will not be used for banning,
#        but it will be logged as info.
usedns = <%= @usedns %>

#
# ACTIONS
#
banaction = <%= @banaction %>
mta = <%= @mta %>
protocol = <%= @protocol %>

mailaction = %(mta)s-whois[name="%(__name__)s", dest="%(destemail)s", protocol="%(protocol)s", logpath="%(logpath)s", sender="<%= @mail['sender'] %>", host="<%= @host %>"]

action_ = %(banaction)s[name="%(__name__)s", port="%(port)s", protocol="%(protocol)s"]
action_mw = %(action_)s
              %(mailaction)s
action_mwl = %(action_)s
               %(mta)s-whois-lines[name="%(__name__)s", dest="%(destemail)s", protocol="%(protocol)s", logpath="%(logpath)s", sender="<%= @mail['sender'] %>", host="<%= @host %>"]

action = %(<%= @actions %>)s

#
# JAILS
#

# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Enable any defined here jail by including
#
# [SECTION_NAME]
# enabled = true

<% @jails.each do |key, jail| %>
# jail <%= key %>
# <%= jail['comment'] %>
[<%= key %>]
<% jail['options'].each do |jail_option_key, jail_option_value| %>
<%= jail_option_key %> = <%= jail_option_value %>
<% end %>

<% end %>

